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What is claimed is: 



1 1 . A method of file access control comprising: 

2 a. storing an encrypted filename of a file at a location in a 

3 computing system; 

4 b. converting the encrypted filename into a plaintext filename; 

5 c. modifying the plaintext filename into a modified filename; and 

6 d. authorizing an entity to access the file for performing a type of 

7 operation on the file based on the modified filename. 
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The method according to claim 1, wherein said converting comprises 
using a combination of two encryption keys to convert the encrypted 
filename into the plaintext filename. 
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The method according to claim 2, wherein said modifying comprises 
using a first one of the two encryption keys to encrypt the plaintext 
filename into the modified filename. 
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The method according to claim 3, wherein said authorizing 
comprises using the second one of the two encryption keys to 
encrypt the modified filename to form a result and determining 
whether the result matches the encrypted filename. 
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The method according to claim 2, wherein said modifying comprises 
using a first one of the two encryption keys to encrypt the plaintext 
filename and performing a hash function on the filename thereby 
forming the modified filename. 
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The method according to claim 5, wherein said authorizing 
comprises comparing the modified filename to a stored hash value. 
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1 7. The method according to claim 1, wherein said encrypted filename is 

2 encrypted using a first key prior to said storing and further 

3 comprising storing a second encrypted filename of the file at the 

4 location wherein the second encrypted filename is encrypted using a 

5 second key prior to said storing. 

1 8. The method according to claim 7, wherein said converting comprises 

2 using the first key to convert the encrypted filename into the 

3 plaintext filename . 

1 9. The method according to claim 8, wherein said modifying comprises 

2 using the second key to encrypt the plaintext filename into the 

3 modified filename. 

1 10. The method according to claim 9, wherein said authorizing 

2 comprises comparing the modified filename to the second encrypted 

3 filename. 

1 11. The method according to claim 10, wherein said modifying further 

2 comprises performing a hash function on the filename after using the 

3 second key to encrypt the plaintext filename. 

1 12. The method according to claim 1, wherein the plaintext filename 

2 permits read access to the file and wherein said type of operation is a 

3 write operation. 

1 13. The method according to claim 1, wherein said storing comprises 

2 substituting said encrypted filename into a directory structure at the 

3 location in place of the plaintext filename. 
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1 14. The method according to claim 1, further comprising encrypting data 

2 of the file, 

1 15. An apparatus for controlling access to a file, comprising: 

2 a. a server for the storing an encrypted filename associated with 

3 a file; and 

4 b. a client in communication with the server for retrieving the 

5 encrypted filename from the server, for converting the 

6 encrypted filename into a plaintext filename and for 

7 modifying the plaintext filename into a modified filename, 

8 wherein the client provides the modified filename to the server and 

9 wherein the server determines whether the client is authorized to 

10 perform a type of operation on the file based on the modified 

1 1 filename received from the client. 



1 16. The apparatus according to claim 15, wherein the plaintext filename 

2 permits read access to the file and wherein the type of operation to 

3 the file is a write operation. 

1 17. The apparatus according to claim 15, wherein said client converts the 

2 encrypted filename into the plaintext filename using a combination 

3 of two encryption keys. 

1 18. The apparatus according to claim 17, wherein said client forms the 

2 modified filename using a first one of the two encryption keys to 

3 encrypt the plaintext filename. 

1 19. The apparatus according to claim 18, wherein said server detennines 

2 whether the client is authorized to perform the type of operation on 

3 the file by using the second one of the two encryption keys to 

4 encrypt the modified filename to form a result and determines 
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5 whether the result matches the encrypted filename provided by the 

6 client. 

1 20. The apparatus according to claim 17, wherein said client forms the 

2 modified filename using a first one of the two encryption keys to 

3 encrypt the plaintext filename. 

1 21. The apparatus according to claim 20, wherein said server performs a 

2 hash function on the filename to form a result and determines 

3 whether the client is authorized to perform the type of operation on 

4 the file by comparing the result to a stored hash value. 

1 22. The apparatus according to claim 17, wherein said client forms the 

2 modified filename using a first one of the two encryption keys to 

3 encrypt the plaintext filename and performs a hash function on the 

4 filename to form a result and wherein the server detemnines whether 

5 the client is authorized to perform the type of operation on the file by 

6 comparing the result to a stored hash value. 

1 23. The apparatus according to claim 15, wherein the encrypted filename 

2 is encrypted using a first key and wherein the server stores a second 

3 encrypted filename wherein the second encrypted filename is 

4 encrypted using a second key. 

1 24. The apparatus according to claim 23, wherein the client converts the 

2 encrypted filename into the plaintext filename using the first key and 

3 modifies the plaintext filename into the modified filename using the 

4 second key. 

1 25. The apparatus according to claim 24, wherein the server determines 

2 whether the client is authorized to perform a type of operation on the 
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3 file by comparing the modified filename to the second encrypted 

4 filename. 

1 26. The apparatus according to claim 25, wherein the server performs a 

2 hash function on the filename after the chent uses the second key to 

3 modify the filename. 

1 27. The apparatus according to claim 25, wherein the client performs a 

2 hash function on the filename after using the second key to modify 

3 the filename. 

O 1 28. An apparatus for controUing access to a file comprising a server 

ys 2 having a stored encrypted filename of a file, the server being in 

ru 3 communication with a writer and a reader, the writer being a client of 

m 4 the server and having a first key that permits the writer to write to the 

^ ' 5 file and the reader being another cUent of the server and having a 

tj: 6 combination of the first key and a second key wherein the 

C3 7 combination permits the reader to read the file. 

^"^ 1 29. The apparatus according to claim 28, wherein the stored encrypted 

2 filename is obtained by encrypting a filename of the file using the 

3 combination of the first key and the second key. 

1 30. The apparatus according to claim 29, wherein the server determines 

2 that the writer is authorized to write to the file by receiving from the 

3 writer the filename encrypted using the first key, encrypting the 

4 received filename again using the second key thereby forming a 

5 twice encrypted filename and comparing the twice encrypted 

6 filename to the stored encrypted filename. 



18 



Atty. Dkt. No. 10014506-1 



The apparatus according to claim 29, wherein the server determines 
that the writer is authorized to write to the file by receiving from the 
writer the filename encrypted using the first key, applying a hash 
function to the received filename thereby forming a computed hash 
value and comparing the computed hash value to a stored hash value. 

An apparatus for controlling access to a file comprising a server 
having a first stored encrypted filename of the file and a second 
stored encrypted filename of the file, the server being in 
communication with a writer and a reader, the writer being a cUent of 
the server and having a first key that permits the writer to write to the 
file and the reader being another chent of the server and having a 
second key that permits the reader to read the file. 

The apparatus according to claim 32, wherein the reader decrypts the 
first stored encrypted filename using the first key. 

The apparatus according to claim 33, wherein the server determines 
that the writer is authorized to write to the file by receiving from the 
writer the filename encrypted using the second key and comparing 
the received filename to the second stored encrypted filename. 

The apparatus according to claim 33, wherein the server performs a 
hash function on the received filename before comparing the 
received filename to the second stored encrypted filename. 
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